lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 01 Jul 2020 15:53:48 -0700 (PDT)
From:   David Miller <>
Subject: Re: [PATCH net-next] bonding: allow xfrm offload setup

From: Jarod Wilson <>
Date: Tue, 30 Jun 2020 14:49:41 -0400

> At the moment, bonding xfrm crypto offload can only be set up if the bonding
> module is loaded with active-backup mode already set. We need to be able to
> make this work with bonds set to AB after the bonding driver has already
> been loaded.
> So what's done here is:
> 1) move #define BOND_XFRM_FEATURES to net/bonding.h so it can be used
> by both bond_main.c and bond_options.c
> 2) set BOND_XFRM_FEATURES in bond_dev->hw_features universally, rather than
> only when loading in AB mode
> 3) wire up xfrmdev_ops universally too
> 4) disable BOND_XFRM_FEATURES in bond_dev->features if not AB
> 5) exit early (non-AB case) from bond_ipsec_offload_ok, to prevent a
> performance hit from traversing into the underlying drivers
> 5) toggle BOND_XFRM_FEATURES in bond_dev->wanted_features and call
> netdev_change_features() from bond_option_mode_set()
> In my local testing, I can change bonding modes back and forth on the fly,
> have hardware offload work when I'm in AB, and see no performance penalty
> to non-AB software encryption, despite having xfrm bits all wired up for
> all modes now.
> Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")
> Reported-by: Huy Nguyen <>
> Signed-off-by: Jarod Wilson <>

Applied, thanks.

Powered by blists - more mailing lists